Data Breaches, Security Incidents, Events, and How they Differ


When experiencing a cyberattack, identifying it is an important first step

Statistically speaking, it’s likely that your company will experience, or already has experienced, a cyberattack. According to a KPMG survey, 62% of companies in the Americas experienced a cyber incident or a data breach in 2022. It’s scary stuff, but perhaps more importantly, it’s often confusing: cyber events, data breaches, security incidents. What’s the difference, and if the majority of companies in the Americas have experienced some form of cyberattack, what does that mean?

Malware and ransomware deployment remained high in Q2 of 2022 and there is little reason to believe that they will decrease given their effectiveness. Identifying what type of threat your business has been exposed to is an important first step towards conceptualizing a response plan and minimizing negative monetary, regulatory, and reputational risks you may face.

Identifying a cybersecurity event

Events are daily occurrences for many businesses in which data or records could have been exposed. Common examples are receiving a phishing email or a firewall blocking a connection attempt. With adequate cybersecurity practices in place, it is rare that an event is cause for major concern. However, if a potentially harmful event is found, it’s important to notify the teams that may come across it and to work with your security team to determine what next steps should be taken to mitigate any risk it could introduce.

Identifying a cybersecurity incident

The National Cyber Security Centre defines an incident as an infiltration “of a system’s security policy in order to affect its integrity or availability and/or the unauthorized access or attempted access to a system.” This could be something as simple as a bad actor finding a lost flash drive with sensitive information. Over time, however, bad actors have evolved their tactics, and more common incidents today take the form of direct attempts to access systems and/or data or make changes to firmware, software, or hardware.

Identifying a data breach

A data breach is a security (or privacy) incident that meets specific legal definitions as per state and federal breach laws. If a data breach occurs, your organization is required to notify affected individuals, regulatory agencies, and credit reporting agencies. 

While data breaches may be less likely to occur than incidents and events, they are by far the most severe. Writing off a potential breach as an incident to avoid legal ramifications and public scrutiny may be tempting, but the consequences of doing so may cripple a company. The burden of demonstrating compliance falls on the company, through documentation and multi-factor incident risk assessments. Failure to provide thorough documentation can lead to penalties and corrective action plans from regulators.

How to avoid events escalating to breaches

The most effective way to mitigate the negative effects from events is to thoroughly and consistently train employees on how to identify and report events. Even with well-trained employees, events can quickly escalate to breaches. The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved the human element, which is why end-to-end cybersecurity protection is crucial to ensure assets are safe from human error.

Finally, having a breach response plan is a crucial line of defense that can help identify incidents before they have the opportunity to escalate. With cyber risks on the rise, it’s important to be prepared for the worst in order to protect your brand, your assets, and your people.
